sepolicy: Fix trusty_apploader avc denials
* File permissions missing Bug: 263305034 Test: ran com.google.android.selinux.pts.SELinuxTest#scanAvcDeniedLogRightAfterReboot Change-Id: I5d0a56a4c31c66610414341118c4089d2c11f3e9 Signed-off-by: Donnie Pollitz <donpollitz@google.com>
This commit is contained in:
Donnie Pollitz
parent
6f15645932
commit
1df4e2dde8
2 changed files with 4 additions and 8 deletions
|
|
@ -1,11 +1,4 @@
|
|||
# b/263305034
|
||||
dontaudit trusty_apploader dmabuf_system_heap_device:chr_file { ioctl };
|
||||
dontaudit trusty_apploader dmabuf_system_heap_device:chr_file { open };
|
||||
dontaudit trusty_apploader dmabuf_system_heap_device:chr_file { read };
|
||||
dontaudit trusty_apploader tee_device:chr_file { ioctl };
|
||||
dontaudit trusty_apploader tee_device:chr_file { open };
|
||||
dontaudit trusty_apploader tee_device:chr_file { read write };
|
||||
# b/264489569
|
||||
userdebug_or_eng(`
|
||||
permissive trusty_apploader;
|
||||
')
|
||||
')
|
||||
|
|
|
|||
3
vendor/trusty_apploader.te
vendored
3
vendor/trusty_apploader.te
vendored
|
|
@ -2,3 +2,6 @@ type trusty_apploader, domain;
|
|||
type trusty_apploader_exec, exec_type, vendor_file_type, file_type;
|
||||
init_daemon_domain(trusty_apploader)
|
||||
|
||||
allow trusty_apploader ion_device:chr_file r_file_perms;
|
||||
allow trusty_apploader tee_device:chr_file rw_file_perms;
|
||||
allow trusty_apploader dmabuf_system_heap_device:chr_file r_file_perms;
|
||||
|
|
|
|||
Loading…
Add table
Add a link
Reference in a new issue